I think that we have the "evidence". The security of MD5 depends heavily on a lot of nonlinearities in functions F, G, I and on carries in arithmetic additions. Nonlinearities in F, G, I are bitwise and very weak. Carries are much stronger, but the collision attacks showed that it is possible to control them also. New differential schemes (paths) could be proposed, new ways of controlling the interior variables of MD5 could be discovered. It could lead to second preimage attacks and maybe further.

Vlastimil Klima
----- ORIGINAL MESSAGE -----
From: "Victor Duchovni" <[EMAIL PROTECTED]>
To: cryptography@metzdowd.com
Subject: Re: [Cfrg] HMAC-MD5
Date: 29.3.2006 - 21:14:06

> On Wed, Mar 29, 2006 at 10:51:08AM +0200,
> [EMAIL PROTECTED] wrote:
>
> > I am nearly sure that a preimage attack (MD5) will be found
> > in the next two or three years.
>
> Is there already evidence of progress in that direction?
>
> --
> Viktor.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> [EMAIL PROTECTED]